mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s3:modules: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
1d2ec674a7
commit
856b5abc95
@ -69,7 +69,7 @@ General notes
|
||||
|
||||
NFS4 handling logic is separated from AIX/jfs2 ACL parsing.
|
||||
|
||||
Samba and its VFS modules dosn't reorder ACEs. Windows clients do that (and the smbcacl tool). MSDN also says deny ACEs must come first.
|
||||
Samba and its VFS modules don't reorder ACEs. Windows clients do that (and the smbcacl tool). MSDN also says deny ACEs must come first.
|
||||
NFS4 ACL's validity is checked by the system API, not by Samba.
|
||||
NFS4 ACL rights are enforced by the OS or filesystem, not by Samba.
|
||||
|
||||
@ -83,7 +83,7 @@ TODOs
|
||||
=====
|
||||
- Creator Owner & Group SID handling (same way as posix)
|
||||
- the 4 generic rights bits support (GENERIC_RIGHT_READ_ACCESS, WRITE, EXEC, ALL)
|
||||
- chown & no ACL, but we have ONWER@ and GROUP@
|
||||
- chown & no ACL, but we have OWNER@ and GROUP@
|
||||
- DIALUP, ANONYMOUS, ... builtin SIDs
|
||||
- audit & alarm support - in theory it's forwarded so it should work, but currently there's no platform which supports them to test
|
||||
- support for a real NFS4 client (we don't have an accepted API yet)
|
||||
|
@ -41,7 +41,7 @@ without =O_PATH= support other mechanisms are used described in more detail
|
||||
below.
|
||||
|
||||
Path processing in Samba typically means processing client supplied paths by
|
||||
Samba's core path processing function =filename_convert()= which returs a
|
||||
Samba's core path processing function =filename_convert()= which returns a
|
||||
pointer to an object of type =struct smb_filename=. Pointers to such objects are
|
||||
then passed around, often passing many layers of code.
|
||||
|
||||
@ -106,7 +106,7 @@ whenever VFS access is done in a piecemeal fashion.
|
||||
*** When to open with O_PATH
|
||||
In Samba the decision whether to call POSIX ~open()~ on a client pathname or
|
||||
whether to leave the low-level handle at -1 (what we call a stat-open) is based
|
||||
on the client requested SMB acccess mask.
|
||||
on the client requested SMB access mask.
|
||||
|
||||
The set of access rights that trigger an ~open()~ includes
|
||||
~READ_CONTROL_ACCESS~. As a result, the open() will be done with at least
|
||||
@ -140,12 +140,12 @@ whenever VFS access is done in a piecemeal fashion.
|
||||
support ~O_PATH~ is needed.
|
||||
|
||||
The way this is implemented on such systems is impersonating the root user for
|
||||
the ~open()~ syscall. In order to avoid privelege escalations security issues,
|
||||
the ~open()~ syscall. In order to avoid privilege escalations security issues,
|
||||
we must carefully control the use these file-handles.
|
||||
|
||||
The low level filehandle is stored in a public struct ~struct file_handle~ that
|
||||
is part of the widely used ~struct files_struct~. Consumers used to simply
|
||||
access the fd directly by derefencing pointers to ~struct files_struct~.
|
||||
access the fd directly by dereferencing pointers to ~struct files_struct~.
|
||||
|
||||
In order to guard access to such file-handles we do two things:
|
||||
|
||||
@ -395,7 +395,7 @@ whenever VFS access is done in a piecemeal fashion.
|
||||
Callers use =openat_pathref_fsp()= to open a fsp on the parent directory.
|
||||
|
||||
*** Path based VFS functions <<Path>>
|
||||
All path based VFS functtions will be replaced by handle based variants using the
|
||||
All path based VFS functions will be replaced by handle based variants using the
|
||||
=smb_fname->fsp= provided by =filename_convert()=.
|
||||
|
||||
- SMB_VFS_CHDIR()
|
||||
|
@ -79,7 +79,7 @@ Table of Contents
|
||||
other mechanisms are used described in more detail below.
|
||||
|
||||
Path processing in Samba typically means processing client supplied paths
|
||||
by Samba's core path processing function `filename_convert()' which returs
|
||||
by Samba's core path processing function `filename_convert()' which returns
|
||||
a pointer to an object of type `struct smb_filename'. Pointers to such
|
||||
objects are then passed around, often passing many layers of code.
|
||||
|
||||
@ -159,7 +159,7 @@ Table of Contents
|
||||
|
||||
In Samba the decision whether to call POSIX `open()' on a client pathname
|
||||
or whether to leave the low-level handle at -1 (what we call a stat-open)
|
||||
is based on the client requested SMB acccess mask.
|
||||
is based on the client requested SMB access mask.
|
||||
|
||||
The set of access rights that trigger an `open()' includes
|
||||
`READ_CONTROL_ACCESS'. As a result, the open() will be done with at least
|
||||
@ -197,12 +197,12 @@ Table of Contents
|
||||
system doesn't support `O_PATH' is needed.
|
||||
|
||||
The way this is implemented on such systems is impersonating the root user
|
||||
for the `open()' syscall. In order to avoid privelege escalations security
|
||||
for the `open()' syscall. In order to avoid privilege escalations security
|
||||
issues, we must carefully control the use these file-handles.
|
||||
|
||||
The low level filehandle is stored in a public struct `struct file_handle'
|
||||
that is part of the widely used `struct files_struct'. Consumers used to
|
||||
simply access the fd directly by derefencing pointers to `struct
|
||||
simply access the fd directly by dereferencing pointers to `struct
|
||||
files_struct'.
|
||||
|
||||
In order to guard access to such file-handles we do two things:
|
||||
@ -507,7 +507,7 @@ Table of Contents
|
||||
2.2.4 Path based VFS functions
|
||||
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌
|
||||
|
||||
All path based VFS functtions will be replaced by handle based variants
|
||||
All path based VFS functions will be replaced by handle based variants
|
||||
using the `smb_fname->fsp' provided by `filename_convert()'.
|
||||
|
||||
• SMB_VFS_CHDIR()
|
||||
|
@ -214,7 +214,7 @@ struct parser_control
|
||||
int times_seen;
|
||||
int zones_seen;
|
||||
|
||||
/* Table of local time zone abbrevations, terminated by a null entry. */
|
||||
/* Table of local time zone abbreviations, terminated by a null entry. */
|
||||
table local_time_zone_table[3];
|
||||
};
|
||||
|
||||
@ -2586,7 +2586,7 @@ get_date (const char *p, const time_t *now)
|
||||
&& ! strcmp (pc.local_time_zone_table[0].name,
|
||||
pc.local_time_zone_table[1].name))
|
||||
{
|
||||
/* This locale uses the same abbrevation for standard and
|
||||
/* This locale uses the same abbreviation for standard and
|
||||
daylight times. So if we see that abbreviation, we don't
|
||||
know whether it's daylight time. */
|
||||
pc.local_time_zone_table[0].value = -1;
|
||||
|
@ -149,7 +149,7 @@ struct parser_control
|
||||
int times_seen;
|
||||
int zones_seen;
|
||||
|
||||
/* Table of local time zone abbrevations, terminated by a null entry. */
|
||||
/* Table of local time zone abbreviations, terminated by a null entry. */
|
||||
table local_time_zone_table[3];
|
||||
};
|
||||
|
||||
@ -962,7 +962,7 @@ get_date (const char *p, const time_t *now)
|
||||
&& ! strcmp (pc.local_time_zone_table[0].name,
|
||||
pc.local_time_zone_table[1].name))
|
||||
{
|
||||
/* This locale uses the same abbrevation for standard and
|
||||
/* This locale uses the same abbreviation for standard and
|
||||
daylight times. So if we see that abbreviation, we don't
|
||||
know whether it's daylight time. */
|
||||
pc.local_time_zone_table[0].value = -1;
|
||||
|
@ -24,7 +24,7 @@ typedef u_int aceflag4;
|
||||
* identifiers as numerical ids instead UTF8 strings in order to avoid wasting
|
||||
* CPU cycles for the costly conversion.
|
||||
*
|
||||
* Placed in a seperate field to avoid ever running into conflicts with newly
|
||||
* Placed in a separate field to avoid ever running into conflicts with newly
|
||||
* defined NFSv4 flags.
|
||||
*/
|
||||
|
||||
|
@ -937,7 +937,7 @@ static void test_dacl_creator_to_nfs4(void **state)
|
||||
if (creator_ace_flags[i].nfs4_flags == 0) {
|
||||
/*
|
||||
* CREATOR OWNER and CREATOR GROUP not mapped
|
||||
* in thise case.
|
||||
* in this case.
|
||||
*/
|
||||
assert_null(smb_first_ace4(nfs4_acl));
|
||||
} else {
|
||||
|
@ -311,7 +311,7 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
|
||||
} else {
|
||||
/*
|
||||
* make_sec_acl() at the bottom of this function
|
||||
* dupliates new_ace_list
|
||||
* duplicates new_ace_list
|
||||
*/
|
||||
new_ace_list = talloc_zero_array(talloc_tos(),
|
||||
struct security_ace,
|
||||
@ -400,7 +400,7 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
|
||||
* and psd_from_fs set to false.
|
||||
*
|
||||
* Returning the underlying filesystem ACL in case no. 2 is really just an
|
||||
* optimisation, because some validations have to fetch the filesytem ACL as
|
||||
* optimisation, because some validations have to fetch the filesystem ACL as
|
||||
* part of the validation, so we already have it available and callers might
|
||||
* need it as well.
|
||||
**/
|
||||
@ -973,8 +973,8 @@ NTSTATUS fset_nt_acl_common(
|
||||
}
|
||||
|
||||
/* We store hashes of both the sys ACL blob and the NT
|
||||
* security desciptor mapped from that ACL so as to improve
|
||||
* our chances against some inadvertant change breaking the
|
||||
* security descriptor mapped from that ACL so as to improve
|
||||
* our chances against some inadvertent change breaking the
|
||||
* hash used */
|
||||
status = create_sys_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash,
|
||||
sys_acl_description, sys_acl_hash);
|
||||
|
@ -334,7 +334,7 @@ static bool aixjfs2_process_smbacl(vfs_handle_struct *handle,
|
||||
|
||||
memset(jfs2_ace, 0, entryLen);
|
||||
jfs2_ace->entryLen = entryLen; /* won't store textual "who" */
|
||||
jfs2_ace->aceType = aceprop->aceType; /* only ACCES|DENY supported by jfs2 */
|
||||
jfs2_ace->aceType = aceprop->aceType; /* only ACCESS|DENY supported by jfs2 */
|
||||
jfs2_ace->aceFlags = aceprop->aceFlags;
|
||||
jfs2_ace->aceMask = aceprop->aceMask;
|
||||
jfs2_ace->flags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_ID_SPECIAL : 0;
|
||||
|
@ -45,7 +45,7 @@
|
||||
* size of the file before transferring it. With this
|
||||
* option, we remember that hint, and commit after
|
||||
* writing in that file position. If the client
|
||||
* doesn't declare the size of file, commiting on EOF
|
||||
* doesn't declare the size of file, committing on EOF
|
||||
* is not triggered.
|
||||
*
|
||||
* = growth Commits after a write operation has made the file
|
||||
|
@ -145,7 +145,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx,
|
||||
|
||||
/*
|
||||
* dfs links returned have had '/' characters replaced with '\'.
|
||||
* Return them to '/' so we can have absoute path mapfilenames.
|
||||
* Return them to '/' so we can have absolute path mapfilenames.
|
||||
*/
|
||||
string_replace(mapfilename, '\\', '/');
|
||||
|
||||
|
@ -314,7 +314,7 @@ static int check_for_write_behind_translator(TALLOC_CTX *mem_ctx,
|
||||
|
||||
/*
|
||||
* file_lines_parse() plays horrible tricks with
|
||||
* the passed-in talloc pointers and the hierarcy
|
||||
* the passed-in talloc pointers and the hierarchy
|
||||
* which makes freeing hard to get right.
|
||||
*
|
||||
* As we know mem_ctx is freed by the caller, after
|
||||
|
@ -782,7 +782,7 @@ static bool hpux_acl_sort(HPUX_ACL_T hpux_acl, int count)
|
||||
* structures.
|
||||
* Inputs:
|
||||
*
|
||||
* acl_count - Count of ACLs in the array of ACL strucutres.
|
||||
* acl_count - Count of ACLs in the array of ACL structures.
|
||||
* aclp - Array of ACL structures.
|
||||
* acl_type_count - Pointer to acl_types structure. Should already be
|
||||
* allocated.
|
||||
@ -1008,7 +1008,7 @@ or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
|
||||
* Sorting crieteria - First sort by ACL type. If there are multiple entries of
|
||||
* same ACL type, sort by ACL id.
|
||||
*
|
||||
* I am using the trival kind of sorting method here because, performance isn't
|
||||
* I am using the trivial kind of sorting method here because, performance isn't
|
||||
* really effected by the ACLs feature. More over there aren't going to be more
|
||||
* than 17 entries on HPUX.
|
||||
*/
|
||||
|
@ -569,7 +569,7 @@ static int preopen_openat(struct vfs_handle_struct *handle,
|
||||
}
|
||||
|
||||
/*
|
||||
* Make sure we can later contruct an absolute pathname
|
||||
* Make sure we can later construct an absolute pathname
|
||||
*/
|
||||
if (dirname[0] != '/') {
|
||||
return res;
|
||||
@ -656,7 +656,7 @@ static int preopen_openat(struct vfs_handle_struct *handle,
|
||||
need_reset = true;
|
||||
} else if (state->number_start != new_start) {
|
||||
/*
|
||||
* If the digits started at a different possition
|
||||
* If the digits started at a different position
|
||||
* we better reset the queue
|
||||
*/
|
||||
DBG_PREFIX(state->reset_dbglvl, ("RESET: "
|
||||
|
@ -864,7 +864,7 @@ static char *shadow_copy2_do_convert(TALLOC_CTX *mem_ctx,
|
||||
insertlen = talloc_get_size(insert)-1;
|
||||
|
||||
/*
|
||||
* Note: We deliberatly don't expensively initialize the
|
||||
* Note: We deliberately don't expensively initialize the
|
||||
* array with talloc_zero here: Putting zero into
|
||||
* converted[pathlen+insertlen] below is sufficient, because
|
||||
* in the following for loop, the insert string is inserted
|
||||
|
@ -1674,7 +1674,7 @@ static int snapper_get_shadow_copy_data(struct vfs_handle_struct *handle,
|
||||
goto err_rsp_free;
|
||||
}
|
||||
|
||||
/* start at end for decending order, do not include 0 (current) */
|
||||
/* start at end for descending order, do not include 0 (current) */
|
||||
lbl_off = 0;
|
||||
for (i = num_snaps - 1; i > 0; i--) {
|
||||
char *lbl = sc_data->labels[lbl_off++];
|
||||
|
@ -466,7 +466,7 @@ static NTSTATUS stream_smb_fname(vfs_handle_struct *handle,
|
||||
goto fail;
|
||||
}
|
||||
} else {
|
||||
/* Normalize the stream type to upercase. */
|
||||
/* Normalize the stream type to uppercase. */
|
||||
if (!strupper_m(strrchr_m(stream_fname, ':') + 1)) {
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
goto fail;
|
||||
|
@ -197,7 +197,7 @@ static bool tsmsm_is_offline(struct vfs_handle_struct *handle,
|
||||
* become_root() is just as good anyway (tridge)
|
||||
*/
|
||||
|
||||
/* Also, AIX has DMAPI but no POSIX capablities support. In this case,
|
||||
/* Also, AIX has DMAPI but no POSIX capabilities support. In this case,
|
||||
* we need to be root to do DMAPI manipulations.
|
||||
*/
|
||||
become_root();
|
||||
|
@ -649,7 +649,7 @@ bool virusfilter_io_readl(TALLOC_CTX *ctx,
|
||||
}
|
||||
|
||||
/*
|
||||
* We read read_size bytes. Extend the useable
|
||||
* We read read_size bytes. Extend the usable
|
||||
* buffer length.
|
||||
*/
|
||||
io_h->r_len += read_size;
|
||||
|
@ -607,7 +607,7 @@ static int vxfs_fremove_xattr(struct vfs_handle_struct *handle,
|
||||
/* Remove with new way */
|
||||
ret_new = vxfs_removexattr_fd(fsp_get_io_fd(fsp), name);
|
||||
/*
|
||||
* If both fail, return failuer else return whichever succeeded
|
||||
* If both fail, return failure else return whichever succeeded
|
||||
*/
|
||||
if (errno == ENOTSUP || errno == ENOSYS) {
|
||||
errno = old_errno;
|
||||
|
@ -83,7 +83,7 @@
|
||||
|
||||
idiom in the vfs functions.
|
||||
|
||||
2). The module hides the existance of symlinks by inside
|
||||
2). The module hides the existence of symlinks by inside
|
||||
lstat(), open(), and readdir() so long as it's not a POSIX
|
||||
pathname request (those requests *must* be aware of symlinks
|
||||
and the POSIX client has to follow them, it's expected that
|
||||
|
Loading…
Reference in New Issue
Block a user